
Re: What belongs in the Debian cloud kernel?



On Wed, Apr 01, 2020 at 03:15:37PM -0400, Noah Meyerhans wrote:
> Should we simply say "yes" to any request to add functionality to the
> cloud kernel?  None of the drivers will add *that* much to the size of
> the image, and if people are asking for them, then they've obviously got
> a use case for them.  Or is this a slippery slope that diminishes the
> value of the cloud kernel?  I can see both sides of the argument, so I'd
> like to hear what others have to say.

I don't think just saying "yes" automatically is the best approach.  But
I'm not sure we can come up with a clear set of rules.  Evaluating the
use cases will involve judgment calls about size vs functionality.  I
guess I think that's okay.


The first two bugs are about nested virtualization.  I like the idea of
deciding to support that or not.  I don't know much about nested virt,
so I don't have a strong opinion.  It seems pretty widely supported on
our platforms.  I don't know if it raises performance or security
concerns.  So these seem okay to me, as long as we decide to support
nested virt, and there aren't major cons that I'm unaware of.


Can you share more about the KSM use case?  I'm worried about raising
security concerns for this one.  KSM has had a history of enabling
attacks that are sorta serious, but also sorta theoretical.  This might
cause upset from infosec folks that freak out about any vulnerability -
even when they don't really understand the magnitude of the risk.

I tried to understand the current state of KSM security.  But I couldn't
easily find a recent summary, and I'm not an expert on the issues.  Here
are the older links I looked at:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2877
- https://access.redhat.com/blogs/766093/posts/1976303
- https://staff.aist.go.jp/k.suzaki/EuroSec2011-suzaki.pdf
- https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf

These sound mostly impractical to me, but they do enable scary sounding
threats (read/write across vmm and hypervisor boundaries).  That makes
me nervous, but someone who understands the issues could convince me
that these aren't worth worrying about.

Ross
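The KSM worry above comes down to a kernel configuration and runtime question: is KSM compiled in, and is it merging pages on this host? The following audit script is an added example, not code from the debian-cloud thread or from the Debian kernel team. It reads only the real upstream interfaces (CONFIG_KSM in the kernel config, /sys/kernel/mm/ksm/run and /sys/kernel/mm/ksm/pages_shared); the function names and the "verdict" wording are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report whether KSM is built into a
# kernel and whether it is currently merging pages, so an operator of a
# cloud image can check the exposure discussed above.
#
# Interfaces used (upstream kernel, not invented here):
#   CONFIG_KSM in the kernel config (/boot/config-$(uname -r) on Debian)
#   /sys/kernel/mm/ksm/run           0 = stopped, 1 = merging, 2 = stop and unmerge
#   /sys/kernel/mm/ksm/pages_shared  count of pages currently deduplicated

# ksm_config_state CONFIG_FILE -> prints "builtin", "absent" or "unknown"
ksm_config_state() {
    config="$1"
    [ -r "$config" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_KSM=y' "$config"; then
        echo builtin
    else
        echo absent
    fi
}

# ksm_runtime_state SYSFS_DIR -> prints "not-present", "inactive", "active"
# or "active-with-shared-pages"; SYSFS_DIR is normally /sys/kernel/mm/ksm.
ksm_runtime_state() {
    dir="$1"
    [ -r "$dir/run" ] || { echo not-present; return 0; }
    run=$(cat "$dir/run")
    shared=0
    [ -r "$dir/pages_shared" ] && shared=$(cat "$dir/pages_shared")
    if [ "$run" = "1" ]; then
        if [ "$shared" -gt 0 ]; then
            echo active-with-shared-pages
        else
            echo active
        fi
    else
        echo inactive
    fi
}

# ksm_verdict CONFIG_STATE RUNTIME_STATE -> one-line summary for the operator.
# The runtime state decides; the config state only refines the "not present" case.
ksm_verdict() {
    case "$2" in
        active-with-shared-pages)
            echo "KSM is merging pages now: memory-deduplication side channels apply to co-hosted guests" ;;
        active)
            echo "KSM enabled but nothing merged yet: 'echo 2 > /sys/kernel/mm/ksm/run' stops it and unmerges" ;;
        inactive)
            echo "KSM compiled in but stopped: alert on anything writing 1 to /sys/kernel/mm/ksm/run" ;;
        *)
            if [ "$1" = builtin ]; then
                echo "CONFIG_KSM=y but sysfs entry missing: check that sysfs is mounted"
            else
                echo "KSM not available on this kernel: no cross-guest page sharing possible"
            fi ;;
    esac
}

# Stand-alone usage: audit the running system and print the verdict.
ksm_audit() {
    cfg=$(ksm_config_state "/boot/config-$(uname -r)")
    rt=$(ksm_runtime_state /sys/kernel/mm/ksm)
    echo "config=$cfg runtime=$rt"
    ksm_verdict "$cfg" "$rt"
}

ksm_audit
```

On a cloud image whose kernel omits KSM the script reports "absent"/"not-present"; on a kernel that ships it, the "inactive" case is the one to monitor, since a single write to the sysfs knob turns merging on for every guest on the host.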